mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2026-06-09 16:33:02 +00:00
Code Issues Releases Wiki Activity

Make BiqueryPollJobAction endpoint internal only (#955)

Browse Source 
* Make BiqueryPollJobAction endpoint internal only

This endpoint makes use of java object deserialization, which allows a
malicious actor to craft a request that can initiate overly broad actions on
the server.  Since this endpoint is not widely used for operational purposes,
limit its authorization to "internal only" so that no user agents (even with
admin privs) can access it.
This commit is contained in:
Michael Muller
2021-02-05 07:50:51 -05:00
committed by GitHub
parent 5100057dd5
commit 29bf0f3965
4 changed files with 60 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
core/src/main/java/google/registry/export/BigqueryPollJobAction.java
View File

@@ -45,13 +45,16 @@ import org.joda.time.Duration;
/**
* An action which polls the state of a bigquery job. If it is completed then it will log its
* completion state; otherwise it will return a failure code so that the task will be retried.
*
* <p>Note that this is AUTH_INTERNAL_ONLY: we don't allow "admin" for this to mitigate a
* vulnerability, see b/177308043.
*/
@Action(
service = Action.Service.BACKEND,
path = BigqueryPollJobAction.PATH,
method = {Action.Method.GET, Action.Method.POST},
automaticallyPrintOk = true,
auth = Auth.AUTH_INTERNAL_OR_ADMIN)
auth = Auth.AUTH_INTERNAL_ONLY)
public class BigqueryPollJobAction implements Runnable {
private static final FluentLogger logger = FluentLogger.forEnclosingClass();

17
core/src/main/java/google/registry/request/auth/Auth.java
View File

@@ -65,13 +65,18 @@ public enum Auth {
AUTH_PUBLIC_OR_INTERNAL(
ImmutableList.of(AuthMethod.INTERNAL, AuthMethod.API), AuthLevel.APP, UserPolicy.PUBLIC),
/**
* Allows only admins or App Engine task-queue access.
*/
/** Allows only admins or App Engine task-queue access. */
AUTH_INTERNAL_OR_ADMIN(
ImmutableList.of(AuthMethod.INTERNAL, AuthMethod.API),
AuthLevel.APP,
UserPolicy.ADMIN);
ImmutableList.of(AuthMethod.INTERNAL, AuthMethod.API), AuthLevel.APP, UserPolicy.ADMIN),
/**
* Allows only App Engine task-queue access.
*
* <p>In general, prefer AUTH_INTERNAL_OR_ADMIN. This level of access should be reserved for
* endpoints that have some sensitivity (it was introduced to mitigate a remote-shell
* vulnerability).
*/
AUTH_INTERNAL_ONLY(ImmutableList.of(AuthMethod.INTERNAL), AuthLevel.APP, UserPolicy.IGNORED);
private final AuthSettings authSettings;